Qnewbie

Currently, I set
1. allowguests=no
2. simple error "No matching peer found" is given

However, the attacks come always back a few days after changing ip address with 30 register trials per minutes. IP01 cannot work properly as CPU load is too high

ttmuskie

I use non-standard port.

bubblestar

In IP01, allowguests=no should aslo be set and PIN can be applied in certain important (pay) trunks.

角色

1. You have to disable port 22
2. Reduce or even remove the message written on the flash
3. Set a particular option which does not let the intruder know the response message is no valid extensoion or invalid password. Only simple error is given to the intruder.


YH

bubblestar

IP01 本身的防禦能力不太高吧!

Atom PC Asterisk 我自己有用Fail2ban，但個人認為最前第一防線應在Router作設定。你用RouterOS 是正確的路向。

RouterOS 好像雯雯都有，不知她是否可提供作法。

一些參考資料:

MikroTik 官方 wiki (http://wiki.mikrotik.com/wiki/Main_Page)
很多技術文章，值得花時間

大陸網站：
RouterOS 教程 u.115.com (http://www.google.com/search?hl= ... i=&aql=&oq=)
感謝 RouterOS 兄提供


論壇討論文章：

讓 MikroTik RouterOS 支援 NAT loopback - PCZONE (http://www.pczone.com.tw/vbb3/thread/16/153188/)
讓 MikroTik RouterOS 支援 NAT loopback - Mobile01 (http://www.mobile01.com/topicdet ... p;t=2079471&p=1)

MikroTik 官方 wiki 文章：

Forwarding a port to an internal IP (http://wiki.mikrotik.com/wiki/Forwarding_a_port_to_an_internal_IP)
最基本的開 port

Home Firewall (http://wiki.mikrotik.com/wiki/Home_Firewall)
家用 Firewall 的 scripts，不過記得把 scripts 裡面的範例 ip 改成自己家裡的

Hairpin NAT (http://wiki.mikrotik.com/wiki/Hairpin_NAT)
NAT loopback 的解法

Bridge Filter - Blocking DHCP Traffic (http://wiki.mikrotik.com/wiki/Br ... ocking_DHCP_Traffic)
防止區網內其他 DHCP server 干擾

How to secure a network using ARP (http://wiki.mikrotik.com/wiki/How_to_secure_a_network_using_ARP)
防止未授權電腦連上網路

How to Block a Customer and Tell him to Pay the Bill (http://wiki.mikrotik.com/wiki/How_to_Block_Customer)
好玩的功能，房東適用，先斷你網路，繳了錢再說 XD